diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2014-10-01 13:19:52 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2014-10-01 13:19:52 +0000 |
| commit | 76c7a77d68b5f170b64fedaab7cf0b9ec78fb39b (patch) | |
| tree | 485fb26bd76efeb03b66df1d1e6517219c2f6192 /lib/libcrypto | |
| parent | 80f99585f437a101cdca78c1ff66850d677dd90a (diff) | |
openssl.cnf tweaks following recent changes to usr.bin/openssl:
- don't define default_bits, allowing the compiled-in default (now 2048
bits) to take priority.
- add commented-out default_md line in case somebody needs an easy way
to change this.
- remove some sample sections which aren't really useful in the default
file (/etc/examples is the place for a more descriptive config, this
file should be barebones).
Help/OK jsing@. OKs on earlier diff (openssl.cnf only) from phessler@ aja@.
Diffstat (limited to 'lib/libcrypto')
| -rw-r--r-- | lib/libcrypto/openssl.cnf | 47 |
1 files changed, 3 insertions, 44 deletions
diff --git a/lib/libcrypto/openssl.cnf b/lib/libcrypto/openssl.cnf index bb97b155b8d..8ce83bf90d9 100644 --- a/lib/libcrypto/openssl.cnf +++ b/lib/libcrypto/openssl.cnf @@ -1,41 +1,20 @@ -# -# OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = /dev/arandom - -#################################################################### [ req ] -default_bits = 1024 -default_keyfile = privkey.pem +#default_bits = 2048 +#default_md = sha256 +#default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes [ req_distinguished_name ] countryName = Country Name (2 letter code) -#countryName_default = AU countryName_min = 2 countryName_max = 2 - stateOrProvinceName = State or Province Name (full name) -#stateOrProvinceName_default = Some-State - localityName = Locality Name (eg, city) - 0.organizationName = Organization Name (eg, company) -#0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = CryptSoft Pty Ltd - organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - commonName = Common Name (eg, fully qualified host name) commonName_max = 64 - emailAddress = Email Address emailAddress_max = 64 @@ -43,23 +22,3 @@ emailAddress_max = 64 challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 - -unstructuredName = An optional company name - -[ x509v3_extensions ] - -nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem -nsComment = "This is a comment" - -# under ASN.1, the 0 bit would be encoded as 80 -nsCertType = 0x40 - -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName -#nsCertSequence -#nsCertExt -#nsDataType - |